Calum Burnett, Nigel Parker, Brandon O'Neil, Hugo Flaux and Jason Rix, all from Allen & Overy take a look at GDPR from a litigator's perspective as it hits its first anniversary. I enjoyed reading this article as it very much looked at GDPR through one particular lens as well as analysing how it should be interpreted in that context.
It is important to note that there is no "one size fits all" solution when it comes to managing the conflicting demands of disclosure and litigation with GDPR. Every matter will have specific attributes and features that can impact what and how decisions are made and implemented.
From a technology perspective, there is a wide variety of solutions that can be useful when combined with an appropriate legal process - for example, redacting personal data, a process which can be automated but is not straight forward, as the authors highlight. It is important, when faced with these challenges, not to be tied to a standard process and to realise that decisions can be made throughout the entire disclosure process that helps manage the conflict. For example:
- considering how and what data is collected and whether specific datasets, or parts thereof, are excluded from on-going processing;
- whether to use exclusion terms as well as inclusive terms when searching and analysing the data; and
- how and when to use machine learning technologies/predictive coding/technology assisted review.
The above are just three examples of the how technology and the decisions made over how to implement it can help manage the conflict that sometimes occurs between GDPR and litigation. It is also important to consider where the activities take place, as being able to perform all or some of the processes at a client site can make a tangible difference.
In all cases, we would recommend early consultation with a law firm as well as a technology expert to ensure appropriate decisions are made and implemented.
Virtually all evidence, whether in litigation or arbitration or relating to investigations carried out by regulators or enforcement authorities, will contain some personal data. A year on from the EU General Data Protection Regulation (universally known as GDPR) coming into force, we examine what it means for disputes and contentious regulatory/enforcement matters